Posted
by
BeauHDon Monday March 28, 2016 @08:14PM
from the twisted-ways dept.

An anonymous reader writes: Andrew Auernheimer, a black hat hacker known as "Weev," has admitted to hacking thousands of Internet-connected printers and making them print-out racist and anti-semitic messages. As you'd expect, the hack took place after the hacker used a simple port scanner and found millions of unprotected, Internet-accessible printers. He then used a one-line Bash command that sent them a PostScript file on port 9100. This triggered all printers to print his anti-semitic message. Ironically, the hacker is a former Jew turned neo-nazi while incarcerated for a questionable "hacking" incident when he revealed to Gawker that ATT had failed to protect one of their servers. The printer hack affected devices at USC, UC Berkeley, Northwestern, UMass, Princeton, Brown University, the University of Wisconsin-Milwaukee, DePaul University in Chicago, Clark University in Worcester, and many more.

Is an African American who develops a bizarre hatred of African Americans suddenly no longer black?Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

Here is the problem with that argument. My mother and father adopted me because they couldn't have kids. As far as I know they are a straight hetro couple. According to you, my mother isn't a woman, according to her birth certificate she is.

I have trans friends, I don't fully understand it, but I don't fully understand most things. They say that your physical sex is developed before your brain "sexes" There are different chemicals that regulate gender (estrogen and testosterone to start with)

My argument is this: If you can say that mental retardation is a real thing, then there must be differing degrees of change. Unless every down-syndrome kid is making it up, then you have to admit that the brain effects how you act and perceive the world. So, on the far end of the spectrum, you have DS, where do you draw the line between "born that way" and "just making it up for attention". Do doctors try to cure down syndrome, or do they teach the family how to cope with the different. I know there will be people who disagree with comparing the LGBTQ population with someone with down-syndrome. I don't, Reproduction is a part of the biological process. If you are not attracted to the opposite sex, then that is a disability in the mating process. That doesn't mean we need to find a cure, not everyone needs to produce offspring.

Next, lets look at the inter-sexed. There are people with both or neither fully developed sex organs. So there is proof that gender identity can be muddy from birth. Again, like the down syndrome argument,where do you draw the line? This person has a male sex organ, however, his brain doesn't produce enough testosterone for him to even go though the puberty. Is that a male or a female? So you have a guy with junk that doesn't work, and a high pitched voice, why not let him chop the broken shit off, get some fake tits, and at least conform to one norm in public. I mean, the only person who should know whats between your legs is the person, or people, serving it.

Recognizes that there are absolutes and scientific truths that transcend relative social considerations of the day.
Recognizes that good medical science cannot exist in a moral vacuum and pledges to promote such science.
Recognizes the fundamental mother-father family unit, within the context of marriage, to be the optimal

My wife worked in an office where there was a man who had gone all the way with a sex change to become a woman and was in a lesbian affair with a (real) woman. It actually made my head hurt to think about it.

No, he is not. His former religion may claim that he is, but in actual fact he is a former Jew. Being a Jew is not something genetic. It takes two brain cells to rub together to see that however, which you obviously lack.

I know it can be confusing but, Jew actually references two separate things. There's "Jew" as in the Judah religion which is something you can adopt or leave as most other religions. When you hear "former Jew", this is always what they are referring to. The second is ethnic "Jew" which refers to family lineages dating back to ancient Sumer and is not something you can leave. Most religious Jews and ex-Jews are also ethnic Jews but, there are exceptions. This is why Christian Jew or Muslim Jew are not oxymorons. Neo-nazi Jews have got to be some of the most self-loathing people on the planet.

Exactly, the idea that Jews are a separate race is one of the most destructive elements of antisemitism (and one, sadly, largely perpetuated by Jews themselves). This idea goes back to all that "chosen people" stuff from the Torah, but even there it's clear that they were "chosen" not for their racial characteristics, but for their adherence to religious principles. And even if the Hebrews once had a distinct tribal "race" or "ethnicity", thousands of years of interbreeding, diaspora, migration, etc. have l

Nonsense. 'Jew' is a religious and/or cultural affiliation only indirectly related to genetics (there are jews of all "races"). You can choose not to be a Jew anymore, same as you can choose not to be a Christian or an American (emigrate and renounce your US citizenship). You can even choose not to be a white-supremacist neo-nazi any more.

Of course to neo-nazis, he'll still be a jew and will always be a jew. with their fuckwitted ideology, the "taint" can never be removed. It's no great strecth of the imagination to guess that this is the "reasoning" behind your objection.

By contrast, you can't change your genes. You can't choose not to be black or white any more. Not that it matters that much, scientifically speaking - "race" has been conclusively proven to be primarily a cultural construct. The genetic differences are minor almost to the point of irrelevance, aside from cultural prejudices.

of course, racist fuck-knuckles will never admit or acknowledge this fact.

Ironically, the hacker is a former Jew turned neo-nazi

and thus ends the idiotic myth that "hackers" are always smart. here's proof that at least one of them is a complete fucking cretin.

This is like the sex vs gender thing, its a not an important distinction most of the time so its easy to miss. There are Jews of all races because its not closed system, others are allowed to adopt the faith. Other races become included by marriage as well etc.

There is also the genetic issue of being descended from the Hebrew tribes.

How is this, logically, an exception to the "rule" cas2000 stated? Individual people can easily do apparently incoherent or self-defeating things. In fact, the ability to persevere in this is sometimes a great strength, though often a weakness and almost always quite painful.

Is an African American who develops a bizarre hatred of African Americans suddenly no longer black?Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

No. Religion is a choice one makes and has nothing to do with genetics. If he decided not to be Jewish, then he is no longer Jewish.

Is an African American who develops a bizarre hatred of African Americans suddenly no longer black?
Is a white man who believes that whites are responsible for all the evil in the world suddenly Native American?

He can disavow Judaism - plenty of Jews do it. They're called "secular Jews." They're still Jews, and he is, too.

Even if he and "the Jews" accepted he's no longer a Jew - why the hell would the neo-Nazis? The old-time-Nazis killed many who thought of themselves as Germans (and even fought for them in the first World War), and didn't practice the religion in generations.

IOW, no he isn't a neo-Nazi, because they won't accept him as anything but an example how opportunistic Jews are; certainly not as one of their own.

Suppose my father is 1/2 Irish and 1/2 German and my mother is 1/2 Spanish and 1/2 French.I would be 1/4 Irish, 1/4 German, 1/4 Spanish and 1/4 French.This is how ethnicity works.

Let's suppose that being Jewish is an ethnicity.Now suppose my mother is Jewish and my father is not Jewish at all.I would be 100% Jewish.That's not how ethnicities work. Therefore being Jewish is a religious thing.

And it's impossible to renounce your Jewishness, so your identity is force upon you by a religion you may not believe in. Other jews will define you by it. It seems strange to me.

I have to wonder (not having read his rants and no plan to) if he's anti-Semitic or a anti-Zionist (having met several rabbis that identify themselves as the latter, it's obvious there's a bit of a difference).

Because they got connected to a network and nobody thought about how the data was getting to them. The admins made it easy to connect, using DHCP to grant them addresses and not being in tight control of every attached device. Notice that most of the targets (all?) were universities.

Except some places. Here, for example, the admin blocks access to known printers at the router.

But this was not "hacking a printer". It was using a publicly available printer for the purpose it was designed to do. It took no intelligence to do this, no modification to the printers, only a brute force scan of the net for addresses with an open port 9100. Yawn. Very impressive.

"hacking a printer" maybe the pay system by just useing the open door to get past it.

Now let's say an hotel has payed breakfast but it's some what hidden as where that is listed and there is no on at the wide open door to the breakfast room and no system to stop people from useing the door at all?

The problem is he port scanned to find the printers. The law in many places views that as going to every house in a town and checking to see if the front door is unlocked. Even if it is, all you did was avoid a "breaking an entering" charge but are still guilty of trespass.

They can't be on the DMZ. Most likely he guessed and "walked" (war dialed) the internal private IP range of 192.168.1.x and attempted port 9100. OTOH, firewalls are SPI at the least so I'm not sure how he pulled that off. The fact the private IP assigned was static or dynamic doesn't matter with regards to this ability.

You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works. Stateful package inspection has no relevance to inability to pass NAT to the internal network. It requires a reverse NAT action from their router to reach inside.

Also you assume that the printers were on private ip range and NATted - which they probably were not.

You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works.

Thanks for being a dick.

But to respond to your comment directly; yes, I assume that the printer is on a private ip. Why not? Who in the fuck puts client devices on the internet these days??!! It's just back practice all around. I'm not saying it can't happen, but in my professional experience with the SMB market, NAT implies extra client address space as well as implicit security. Of course, ha

My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets. If you try going around calling your opinions "professional", you should know that.

As far as private ips are concerned - it is quite obvious from the article that the printers had public ips. Universities put them on public ips. That in itself is not a bad practice as they have no

My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets

So you're saying forged packets aren't broadcasted in the open? I've seen plenty of firewall rules where the source from = public IP to destination = private IP. That could be internal 192.168.x.x or 10.x.x.x. Obviously, if that private IP subnet doesn't exist, there won't be a route for it.

At one time printers were extremely expensive. These most likely still are and are not the brother desktop variety but more like the document center types. Anyways because of the expense the printers were shared between departments usually on different subnets which would require routable addresses for the printers.

In most likelyhood of a HP variety. Or something behind a jetdirect print server. If i remember correctly 9100 is HP proprietary standard although some other manufacturers have now started to listen to it.

DHCP will hand you out whatever IP address it is configured to. Why do you think it would work any different?

"WTF why"

If you mean, technically, the right question would be WTF not? If you are asking why some institution would manage public IP addresses that way, that's because universities got into the Internet thingie quite soon and quite a lot of them got B classes and they assigned public IP addresses just to any single device that required and IP (there was no NAT and basically no need for that back then) and some of that management has percolated to present day.

"why not give printers fixed IP's"

Because back then, it worked basically in a self management way; once IT departments started to appear, they were usually less capable and less available than the self-management they were meant to substitute so in order to both avoid back-pressure and allow things being done, in many situations they ended up going for the less resistance path -any way, the one that gave them less work, and so you end up with a DHCP environment both giving public IP addresses and no assignations (and usually only minor segmentation).

"Fixed" as opposed to what? I give out all my fixed ip's through dhcp. Its much easier to manage and everything is in a single plaece.

The question here is why the printers are accessible through the internet.

I myself have printed out many hefty manuals on the modern wifi printers that have been left with factory settings with public printing. I never considered that "hacking" though. It is strange what nowadays passes as "hacking".

Of course, or did you think the internet consisted of plug in your modem + magic?

WTF why and why not give printers fixed IP's works better for a lot of stuff.

If you had a public routeable IP address pool why would you screw up your network infrastructure and not use it?

I have 5 public IP addresses. The only reason my printer is not on the internet is because I have 7 devices. Now a more important question is where was the firewall and the network security. This is something that is 100% independent of your IP address.

Well as others have pointed out you certainly can assign static IPs via DHCP. Usually you say this "MAC address gets this IP" in the vernacular of whatever configuration method your server software uses.

IPv6 will ultimately help with this but in the IPv4 world I am of the opinion that basically nothing other than routers (and devices performing similar functions) and DNS servers should have hard coded 'fixed' addresses on a well designed network. Which is not say that lots of other servers and resources s

Many years ago I worked in a University. All devices, printers included, had public IP addresses (and open ports). It was a hang-over from a previous time, when that was just how the uni set things up and deeply tied into the internet billing (charge by the byte) system the uni had. I was only a lowly desktop guy at the time but it was still a real problem for us. Every desktop PC, server, printer, whatever had a public IP. To block any ports, and I am being fully serious here, required approval from the university senate. Not an IT group - a bunch of arts lecturers and student guild type people. And they equated "blocking ports" with "censoring the internet". So absolutely every time we tried to change things, senate voted it down and we were stuck, for many years, with only ports for SMB blocked - every other port was open. To the world. On all our devices. We were allowed firewalls on devices like PCs - but that's not so easy on a printer.

Every morning we had to restart every printer with a HP jet direct (and many times during the day) because it turns out of you port scan an old jet direct, it hangs. We'd also have to leave printer trays open over night, so they couldn't just waste printer paper all night long, printing NIMBDA crap. We used to find that if you installed Windows on a PC or server with the NIC connected, it was literally infected before the installation was complete (truly).

Invisible mod points applied.... Thank you for the laugh. It has been a while since I have been in that kind of environment. It is unreal how many non-IT people are in charge of the most important aspects. The only thing worse than University network play callers are in the medical realm. Doctors think they are God over EVERYTHING and when you combine university AND medical facilities.....hang on to your sanity.

"The University’s Office of Equal Opportunity and Access and Bias Response Team are investigating hateful anti-Semitic fliers that were sent Friday, March 25, to several networked print and FAX devices. Other universities across the country also have reported receiving similar fliers."

I'm pretty sure this is how it worked at the University I worked for, although I left before even dialup IP was widespread.

But we did have a giant Appletalk internetwork and a friend and I always wondered how much campus infamy we could create by printing smut all over campus through all of the many LaserWriters visible on the the Appletalk network.

The downside was that printing was relatively slow and while waiting to print I think you could see some kind of computername and zone name of the user who was c

Because people are stupid. And I do not mean users, I mean the sysadmin that configured the printer with a public IP or allowed it to get one from the DHCP server. An ordinary user would at least have some level of valid excuse...

Sysadmins have assigned public ip, because that is how it works in a uni. There is no NAT. NAT is a hack for the puny humans who do not have/16 ip blocks lying around. So assigning an ip from a private ip range would not work at all...

Also it is not at all stupid to assign said public ips with dhcp. On the contrary - it is very smart.

However it was stupid to allow public access from the internet to said ip addresses.

And it is stupid to assume that all networks are like your network at home.

I don't blame this guy. Sure, he's got extreme views, but he has done all those companies a great service by showing them how UTTERLY STUPID THEY ARE by allowing public access to their printers.

Lets try a simple thought exercise. Would you also not blame this guy if instead of sending out anti-Semitic messages he instead sent out naked pics of you jerking off to bestiality porn while on a business trip to a very conservative location?

After all its the fact that he could send his message and not the content of the message that is important according to you.

Yeah, he did some real good public service there. We should give him a fucking Nobel prize for service to the community or something \s

What next? Stab people to teach them a lesson for being so utterly stupid by not wearing stab proof vests in public? Burn peoples houses down to teach them a lesson for being so utterly stupid by not installing sprinkler systems? Put cyanide in the municipal water supply to teach everyone a lesson for being so utterly stupid by not installing cyanide detectors in the municip

It could have been worse. I remember when something like this happened at work (for very similar reasons) except whoever was doing it was sending seemingly unlimited jobs that would run through entire reams of paper and eat through toner, so when you'd get to work in the morning there'd be a huge stack of wasted paper. This is pretty damned childish, but he could have done worse by inverting the image so it was mostly printing black and had it spit out thousands of copies.

You've clearly never worked in higher ed. Very Important Professors like to hand a (grad) student a printer and tell them to "set it up" -- by which they mean plug it in, find an IP it can sit on (probably squatting on someone else's but who cares it mostly works), install it on the prof's machine, and get back to that research said student is supposed to be doing.

Are local network printers in a public place fair game to print to under the law?

I know of libraries where you have to pay to print and they have some kind of card / coin system hooked to the printers and copiers.

Some hotels have free printers in the guest areas some even have them on the guest network.

DePaul University seems to have pay printing with 3rd party software?

But will the printers just show up in windows add printers just by it doing an local network printer scan? Now what if you are at a place with pay printing or printers that use some kind of AD lockdown / windows based pay printing but you don't know that (say they have free wifi) and windows just auto finds the printer / jet direct card did you just brake the law?

The IoT insecurity issue is one that needed highlighting in a way that people would notice, without any real harm being done. If this makes people close a few holes and go looking for others then it is without doubt a very good thing.

He could have done much worse, there are pieces of information that would fit onto a single page that could actually do a lot of harm if violent sociopaths got hold of it. So I see the Neo-Nazism thing as just an advertising ploy, like the sound of a door bell, microwave bee

Yet I don't think anyone is really going to learn anything from it.All the people who don't think computers are some sort of mysterious magic already know it's a stupid idea to put a printer on the internet.

Weev made a much more sympathetic figure when he was busy being a symbol of prosecutorial overreach and badly designed computer security laws. He's a lot less sympathetic as a committed white supremacist troll. Also see: This is why we can't have nice things.

Funny, it doesn't look very defunct. Then again, it might look that way to an outsider, especially since it's basically won. Sites that were unethical, spouting garbage or running identity politics are either gone or suffering heavily financially. People who parroted those views have either quit or been fired, or moved down in the world to even worse sites. Not only can't you stop mentioning it, the media can't either. There's still 1-2 stories nearly every day about it. I think my personal favorite i

So who were they defeated by? Looks like to me you're pretty damn salty that a leaderless grassroots revolt against shitty journalists that ran their own giant story/article writing collusion group akin to Journolist(which was called Gamejournopros). The leaks from that easily show exactly how much collusion was going on in that. And you're also very salty at just how these incestuous people were caught giving giving hand outs to their friends, people they were shacked up with, or fucking. Sure does spea

You might ask yourself this, "Then why, Weev, why?" Well, I can tell you the answer to that... The answer is, "For the lulz."

For the lulz? Here is a one-hour interview with Weev on a well-known White Supremacist podcast. There are no lulz to be had, but a good deal of racism, discussion of "White Genocide" and promoting "noble European values".

That depends on where you live, sort of. Principally, they're still a thief but, if the car is running or the keys are in the ignition then it's "Unauthorized use of a motor vehicle." Well, that depends on where you live but in at least three jurisdictions that's the law as far as I understand it.

They're still going to prison but it's a different crime. There's also grand theft, which means it was a value greater than a certain amount, and amount that varies by jurisdiction - or so I'm given to understand.

On Slashdot? No. For the general public? Yes, probably. Heck, he used a Bash command! Anything today involving a command line is obviously "advanced computer use" for most people.

Also, I'm sure you've seen plenty of articles in the past few years talking about "iPhone hacks" or "Kindle hacks" or whatever, which often involve little more than being able to hit the "advanced" button on some menu and select a different option. If it's not a clear button that appears on your home screen and shouts "Clic

If your mother was a Jew, you're a jew. If you're mother wasn't a Jew, You aren't a Jew. Its not something you get to pick.

Wow, you sound just like my Grandmother! I mean, really, this is not a facetious joke. When I turned out atheist, I got that lecture repeatedly. Of course back as a young teenager, I wanted to be different and super special and everything, so I was all with the "ha! I'm not a jew" etc etc.

Fast forward a few decades and I'm still atheist, but I make the best chicken soup in the family.

Although I'm happy for someone to self-identify however they like, and I would happily stop identifying someone based on a label if they asked or I thought it offended them, I don't think that is entirely fair sentiment. Jew has traditionally, and still does for many people, mean someone descended from ancient Hebrews; in that way it differs from religion in that it isn't a label of your religious convictions. Obviously someone who doesn't self-identify as a Jew can make that personal

Bullshit! I voted for Sanders and if this weev fellow had printed "Sanders2016" on those printers I'd be saying the following:

"This Weev is an idiot, you don't support a candidate by breaking the law and accessing a huge number of networked resources you don't have authorization to use. Throw the book at him and send him to PMITA federal prison for life."